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The  Interim  Years  of  Cyberspace 

1st  Lt  Robert  M.  Lee,  USAF 

There  is  nothing  more  difficult  to  take  in  hand,  more  perilous  to  conduct,  or 
more  uncertain  in  its  success  than  to  take  the  lead  in  the  introduction  of  a 
new  order  of  things. 

— Machiavelli 


Cyber  power  will  be  as  revolutionary  to  warfare  as  airpower,  but 
the  current  vectoring  of  the  domain  will  determine  which  na¬ 
tion  will  hold  cyber  dominance  and  to  what  effect.  In  the  early 
years  of  the  cyberspace  domain,  the  United  States  primarily  consid¬ 
ered  cyber  power  a  means  of  establishing  broad  command  and  control 
across  the  war-fighting  domains.  Cyberspace  focused  on  communica¬ 
tion;  indeed,  operational  success  depended  upon  maintaining  the  lines 
of  communication.  As  the  domain  grew,  it  assumed  additional  roles  to 
provide  a  support  force  to  traditional  military  operations  while  experts 
explored  other  roles— a  process  that  occurred  at  the  highest  levels  of 
secrecy.  Many  of  the  first  cyberspace  leaders  realized  that  cyber  assets 
offered  a  number  of  options  for  attack,  defense,  and  exploitation  never 


January-February  2013 


Air  &  Space  Power  Journal  |  58 


Report  Documentation  Page 

Form  Approved 

OMB  No.  0704-0188 

Public  reporting  burden  for  the  collection  of  information  is  estimated  to  average  1  hour  per  response,  including  the  time  for  reviewing  instructions,  searching  existing  data  sources,  gathering  and 
maintaining  the  data  needed,  and  completing  and  reviewing  the  collection  of  information.  Send  comments  regarding  this  burden  estimate  or  any  other  aspect  of  this  collection  of  information, 
including  suggestions  for  reducing  this  burden,  to  Washington  Headquarters  Services,  Directorate  for  Information  Operations  and  Reports,  1215  Jefferson  Davis  Highway,  Suite  1204,  Arlington 

VA  22202-4302.  Respondents  should  be  aware  that  notwithstanding  any  other  provision  of  law,  no  person  shall  be  subject  to  a  penalty  for  failing  to  comply  with  a  collection  of  information  if  it 
does  not  display  a  currently  valid  OMB  control  number. 

1.  REPORT  DATE 

FEB  2013  2.  REPORT  TYPE 

3.  DATES  COVERED 

00-00-2013  to  00-00-2013 

4.  TITLE  AND  SUBTITLE 

The  Interim  Years  of  Cyberspace 

5a.  CONTRACT  NUMBER 

5b.  GRANT  NUMBER 

5c.  PROGRAM  ELEMENT  NUMBER 

6.  AUTHOR(S) 

5d.  PROJECT  NUMBER 

5e.  TASK  NUMBER 

5f.  WORK  UNIT  NUMBER 

7.  PERFORMING  ORGANIZATION  NAME(S)  AND  ADDRESS(ES) 

Air  Force  Research  Institute  (AFRI),155  N.  Twining  Street,Maxwell 
AFB,AL, 36112 

8.  PERFORMING  ORGANIZATION 

REPORT  NUMBER 

9.  SPONSORING/MONITORING  AGENCY  NAME(S)  AND  ADDRESS(ES) 

10.  SPONSOR/MONITOR'S  ACRONYM(S) 

11.  SPONSOR/MONITOR'S  REPORT 
NUMBER(S) 

12.  DISTRIBUTION/AVAILABILITY  STATEMENT 

Approved  for  public  release;  distribution  unlimited 

13.  SUPPLEMENTARY  NOTES 

14.  ABSTRACT 

15.  SUBJECT  TERMS 

16.  SECURITY  CLASSIFICATION  OF:  17.  LIMITATION  OF 

_ _ _  ABSTRACT 

18.  NUMBER  19a.  NAME  OF 

OF  PAGES  RESPONSIBLE  PERSON 

a.  REPORT  b.  ABSTRACT  c.  THIS  PAGE  Same  OS 

unclassified  unclassified  unclassified  Report  (SAR) 

22 

Standard  Form  298  (Rev.  8-98) 

Prescribed  by  ANSI  Std  Z39-18 


Cyber  Focus 


V  Feature 


Lee 


The  Interim  Years  of  Cyberspace 


before  afforded  to  military  commanders.  In  a  highly  connected  world 
where  substantial  advancements  in  technology  were  common,  the  ca¬ 
pabilities  and  weapons  in  cyberspace  became  even  more  impressive. 

The  current  stage  of  cyberspace  development  resembles  the  interim 
years  between  World  War  I  and  World  War  II,  when  airpower  re¬ 
sponded  to  challenges  by  emerging  as  a  powerful  military  tool.  No 
comparison  does  better  justice  to  contemporary  cyberspace  than  air- 
power  during  those  foundational  years.  At  that  time,  theorists  and  mil¬ 
itary  officers,  including  Gen  Giulio  Douhet,  Marshal  of  the  Royal  Air 
Force  Hugh  Trenchard,  and  Brig  Gen  William  "Billy”  Mitchell,  helped 
guide  the  direction  of  airpower.  As  cyberspace  reaches  its  full  potential 
as  a  domain  of  warfare  equal  to  the  traditional  domains,  we— like  those 
leaders— must  vector  it  properly. 

Toward  that  end,  this  article  discusses  airpower  during  the  interwar  pe¬ 
riod  as  well  as  key  lessons  learned  that  we  can  apply  to  the  cyberspace 
domain.  It  then  offers  three  suggestions  that  address  the  vectoring  of  the 
cyberspace  domain:  empowering  commanders  with  actionable  cyber  in¬ 
telligence,  defending  the  nation  with  a  combined  civilian-military  ap¬ 
proach,  and  developing  a  long-term  strategy  for  the  domain  by  embrac¬ 
ing  the  cyber  culture  and  educating  our  young  leaders  in  cyber. 
Understanding  the  past,  applying  lessons  learned,  and  planning  the  way 
forward  will  allow  us  to  secure  true  cyberspace  dominance. 


The  Interim  Years  of  Airpower 

Prior  to  World  War  I,  the  use  of  aircraft  was  extremely  limited,  and 
many  people  did  not  consider  them  a  viable  military  option.  For  exam¬ 
ple,  in  Aeronautics  (1908)  William  H.  Pickering,  a  notable  American  as¬ 
tronomer,  observed  that  "another  popular  fallacy  is  to  suppose  that  fly¬ 
ing  machines  could  be  used  to  drop  dynamite  on  an  enemy  in  a  time 
of  war.”1  Only  six  years  later,  on  14  August  1914,  a  French  Yoisin  air¬ 
craft  bombed  German  zeppelin  hangars  at  Metz-Frascaty.2  The  idea  of 
conducting  aerial  warfare  quickly  gained  prominence.  The  next  few 
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years  saw  the  development  of  strategic-bombing  aircraft  and  their  use 
in  air  actions  such  as  the  raids  by  German  Gothas  on  England.3  How¬ 
ever,  the  employment  of  aircraft  and  balloons  in  warfare  was  not  new. 
In  China  during  the  third  century,  Gen  Zhuge  Liang  signaled  military 
forces  and  scared  away  enemies  with  balloons  known  as  Kongming 
lanterns.4  Yet,  only  advancements  in  technology  and  powerful  demon¬ 
strations  of  force  in  World  War  I  could  expedite  the  domain's  impor¬ 
tance  and  use. 

The  success  of  airpower  in  that  war,  including  Lt  Frank  Luke  Jr.'s  de¬ 
struction  of  14  heavily  guarded  German  balloons,  convinced  several 
military  leaders  that  aircraft  could  support  the  traditional  domains  of 
land  and  sea  warfare.5  The  debate  at  the  time  did  not  concern  whether 
or  not  to  use  airpower  but  the  means  of  developing  it  and  determining 
which  branch  of  service  would  take  the  lead.  In  the  years  between  the 
world  wars,  aviation  concentrated  on  defending  the  nation  from  adver¬ 
saries.6  However,  some  of  those  defensive  capabilities  also  offered  of¬ 
fensive  possibilities.  The  flexibility  of  airpower  created  intense  debates 
between  the  Army  and  Navy  because  Army  Air  Corps  aircraft  could  fill 
traditional  Navy  roles. 

In  1921  General  Mitchell  used  MB-2  bombers  from  Langley  Field, 
Virginia,  to  sink  three  naval  vessels,  including  the  Ostfriesland,  a  mod¬ 
ern  battleship  captured  from  the  Germans.7  This  test  demonstrated 
that  aircraft  could  independently  attack  offshore  targets.  It  also  showed 
that  if  the  Army  continued  to  empower  the  Air  Corps,  the  Navy  might 
lose  its  primary  mission  of  coastal  defense. 

Partially  in  rebuttal  to  General  Mitchell’s  test,  in  1925  the  Navy  re¬ 
vealed  a  plan  to  increase  the  number  of  its  shore-based  aircraft  from 
334  to  583. 8  Maj  Gen  Mason  Patrick,  chief  of  the  Air  Service,  saw  this 
as  a  move  by  the  Navy  Department  to  take  control  of  the  entire  coastal 
defense  mission.9  This  dispute  between  the  Army  and  Navy  continued 
to  escalate,  and  leaders  of  both  services  worried  that  if  they  could  not 
find  a  solution,  Congress  might  create  an  independent  air  corps.10  At¬ 
tempts  by  the  War  Department  and  Congress  to  satisfy  both  services 
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proved  fruitless.11  Amidst  the  services'  disagreement,  General  Mitchell 
strongly  advocated  the  establishment  of  a  separate  branch  of  service 
and  attempted  to  win  the  support  of  the  public  in  an  effort  to  pressure 
Congress  to  act.12  After  his  court-martial,  he  resigned  from  the  Army 
Air  Service  in  1926  but  continued  to  campaign  publicly  for  an  indepen¬ 
dent  Air  Force.13 

In  1934  Gen  Henry  “Hap”  Arnold  received  a  tasking  to  fly  from  Day- 
ton,  Ohio,  to  Alaska  with  10  Martin  B-10  bombers.  On  the  return  trip, 
he  detoured  from  his  route  by  flying  over  the  ocean  instead  of  across 
Canada,  not  only  demonstrating  the  bombers'  coastal  range  but  also 
enraging  Gen  Douglas  MacArthur,  the  Army  chief  of  staff.14  Neverthe¬ 
less,  members  of  Congress  and  the  War  Department  ultimately  em¬ 
braced  the  claims  of  such  individuals  as  Arnold  and  Mitchell  that  the 
nation  needed  an  independent  Air  Force. 


Lessons  Learned  from  Airpower 

The  cyberspace  domain  need  not  be  a  separate  branch  of  service. 
However,  the  true  potency  of  cyber  power  remains  unrealized,  as  was 
the  case  with  airpower  in  the  early  years  of  the  aerial  domain.  If  we  un¬ 
derstand  this,  we  can  extract  key  lessons  learned  from  the  nascent  aerial 
domain  and  apply  them  to  the  development  of  the  cyberspace  domain. 

Lesson  One:  A  Unified  Military  Approach  Is  More  Beneficial  to 
Securing  a  Domain  of  Warfare 

One  of  the  issues  with  realizing  the  potential  of  the  aerial  domain  con¬ 
cerned  early  competition  between  the  Army  and  Navy  over  its  con¬ 
trol-competition  that  led  to  creation  of  the  Air  Force.  That  service 
acted  as  a  combined  and  vectored  national  approach  to  creating  better 
aerial  technologies  and  strategies.  Had  its  establishment  occurred 
sooner,  the  Air  Force  may  have  generated  even  more  gains.  In  this 
way,  cyber  power  has  an  advantage.  The  cyberspace  domain  does  not 
encroach  upon  the  traditional  roles  of  the  Army,  Air  Force,  or  Navy. 
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The  cyber  mission  can  work  both  independently  from,  and  synergisti- 
cally  with,  the  traditional  war-fighting  domains  across  each  branch. 
This  combined  approach  from  the  services  benefits  the  entire  domain, 
and  although  we  should  encourage  competition  among  the  services, 
each  one  should  play  a  significant  role. 

Lesson  Tlvo:  Airpower  Had  the  Ability  to  Make  Influential  Political 
Statements  That  Transcended  Its  Own  Destructive  Capability 

Cyber  power,  very  much  like  airpower,  can  be  a  destructive  force  if 
wielded  alone  and  to  full  measure.  Early  Airmen  took  pride  in  believ¬ 
ing  that  aerial  attacks  by  themselves  could  lead  to  victory;  however, 
they  understood  neither  its  destructiveness  if  left  unchecked  nor  the 
importance  of  limiting  conflict.15  During  the  Vietnam  War,  President 
Lyndon  Johnson  and  Secretary  of  Defense  Robert  McNamara  met 
weekly  to  discuss  the  targets  that  pilots  would  bomb.  Once  considered 
political  micromanagement,  this  handpicking  of  targets  controlled  the 
political  implications  of  aerial  attacks.16  The  new— and  in  many  cases 
frightening— power  brought  by  bombing  raids  made  a  strong  statement 
not  only  to  North  Vietnam  but  also  to  other  nations  watching  closely. 
Similarly,  cyber  power  can  make  influential  statements,  and  we 
should  not  wield  it  indiscriminately.  A  cyber  attack  that  collapses  the 
global  stock  market,  disables  a  fleet  of  naval  warships,  or  crashes  the 
latest  development  in  aircraft  will  have  enormous  political  conse¬ 
quences. 

Lesson  Three:  Like  Airpower ,  Cyber  Power's  Technologically 
Advanced  Nature  Allows  It  to  Blur  the  Lines  of  War;  Thus,  We  Must 
Wield  It  Responsibly 

Douhet  believed  that  the  range  of  aircraft  would  permit  the  targeting 
of  civilians  and  combatants  alike  in  future  wars.  Airpower,  he  rea¬ 
soned,  did  not  know  the  limits  of  traditional  battlefields  and  could  act 
without  inhibition.  Without  boundaries  on  the  battlefield,  no  areas 
would  feel  safe  to  civilians.17  Cyber  power,  too,  can  quickly  and  specifi- 
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cally  target  networks  and  information  systems  throughout  the  world, 
blurring  the  lines  of  battlefields.  This  characteristic,  in  conjunction 
with  its  destructive  force,  generates  fear  of  its  capabilities  among  the 
population— one  just  as  strong  as  that  from  terrorist  attacks.  Conse¬ 
quently,  we  cannot  underestimate  its  power  to  influence  popular  opin¬ 
ion  and  politics  or  its  ability  to  guide  the  development  of  cyber  capa¬ 
bility.  When  a  nation  uses  cyber  power,  it  must  first  carefully  evaluate 
its  own  citizens'  sense  of  security  and  the  effects  that  cyber  assets  will 
have  on  that  feeling  after  their  employment. 

Lesson  Four:  The  Nature  of  War  Is  Not  Limited  by  Technological 
Advancements 

Nevertheless,  the  idea  that  technology  will  eliminate  the  ugliness  of 
war  has  influenced  military  planners  throughout  history.18  Douhet  be¬ 
lieved  that  the  inherently  offensive  nature  of  airpower,  later  famously 
reinforced  by  Sir  Stanley  Baldwin's  statement  that  “the  bomber  will  al¬ 
ways  get  through,”  would  curtail  bloodshed  during  war.19  To  him, 
bombing  cities  and  attacking  civilians  would  result  in  fewer  deaths 
than  would  the  clash  of  armies.20  The  Italian  general  thought  that  stra¬ 
tegic  bombing  would  break  the  morale  of  civilians,  prompting  them  to 
demand  that  their  leaders  end  wars  early.  Instead,  aerial  bombing 
raids  usually  bolstered  civilian  morale  against  the  known  enemy.21 
Without  proper  attribution,  though,  in  cyberspace  the  enemy  may  re¬ 
main  unknown,  creating  unspecified  effects  on  the  civilian  population, 
perhaps  including  broken  morale.  Regardless  of  the  effects  of  an  un¬ 
known  cyber  attacker,  technology  cannot  end  bloodshed.  Therefore, 
we  must  employ  cyber's  capabilities  with  the  understanding  that 
proper  use  can  limit  casualties  but  that  overuse  can  equally  encourage 
them.  War  will  always  be  an  ugly  thing.22 
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Lesson  Five:  Airpower  Used  a  Varied  Approach  to  Secure  the 
Domain,  and  So  Must  Cyber  Power 

General  Mitchell  did  not  consider  bombers  the  quintessential  form 
of  airpower,  believing  instead  in  the  necessity  of  multiple  types  of 
aircraft,  including  those  with  offensive  and  reconnaissance  missions.23 
His  concept  of  airpower  is  more  akin  to  the  current  diverse  nature 
of  cyber  power  and  varied  cyber  assets,  which  can  support  national 
defense,  intelligence  gathering,  and  offensive  actions— and  do  so  just 
as  well  as  or  better  than  other  military  assets.  Multiple  types  of  aircraft 
enabled  the  development  of  persistent  intelligence,  surveillance,  and 
reconnaissance  (ISR)  aerial  platforms  and  offensive  air  capabilities, 
which  help  ensure  air  dominance  and  support  to  other  war-fighting 
domains.24  The  addition  of  a  variety  of  cyberspace  capabilities  directly 
enhances  already-established  ISR  and  offensive  operations  while 
enabling  the  development  of  new  ones. 


Commanders  and  Actionable  Cyber  Intelligence 

Vectoring  the  cyberspace  domain  should  involve  empowering  com¬ 
manders  with  more  actionable  intelligence  through  cyber  capabilities. 
Cyber  power  offers  critical  advantages  to  campaign  planning;  conse¬ 
quently,  intelligence-based  cyber  operations  should  become  part  of  the 
preparation  of  the  operational  environment  phase,  which  includes 
compromising  enemy  networks  and  readying  cyber  weapons  for  use 
in  the  event  of  conflict.  During  the  posturing  for  offensive  cyber  op¬ 
erations,  information  exploited  from  compromised  systems  can  aid  in 
the  joint  intelligence  preparation  of  the  operational  environment,  im¬ 
proving  commanders'  situational  awareness  of  the  battlefield.25 

Commanders  use  campaign  planning  to  “synchronize  efforts”  and  is¬ 
sue  complementary  guidance.26  The  two  major  phases  of  the  planning 
process— contingency  planning  and  crisis  action  planning— benefit 
from  the  timely  information  and  attack  options  that  cyber  power  pres- 
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ents,  including  an  understanding  of  enemy  capabilities  and  strategies. 
Having  the  assumptions  and  plans  made  in  the  contingency  phase 
more  closely  match  the  crisis  action  phase  expedites  the  joint  opera¬ 
tion  planning  process.27  This  quick-selection  process  empowers  com¬ 
manders  with  the  ability  to  strike  first,  target  precisely,  and  more 
readily  defend  counterattacks.  Information  gathered  from  the  prepara¬ 
tion  of  the  operational  environment  phase  also  decreases  the  effective¬ 
ness  of  the  enemy’s  attempts  at  deception. 

With  access  to  military  doctrine,  enemy  forces  may  choose  to  avoid 
efficient  courses  of  action  or  even  fake  them.  The  combination  of  cy¬ 
ber  and  ISR  capabilities  can  detect  these  deceptions.  Multiple  ISR  plat¬ 
forms  such  as  manned  aircraft,  remotely  piloted  aircraft,  and  satellites, 
as  well  as  human-gathered  intelligence,  contribute  to  creation  of  the 
intelligence  preparation  of  the  battlespace. 28  Individually,  cyber  and 
ISR  severely  weaken  the  enemy's  ability  to  hide  troops,  sensitive  infor¬ 
mation,  operational  plans,  and  centers  of  gravity.  The  combination  of 
the  two  through  imagery  intelligence,  signals  intelligence,  human  in¬ 
telligence,  and  computer  network  operations  provides  an  unprece¬ 
dented  level  of  battlefield  situational  awareness  to  commanders.  This 
awareness  can  also  enable  cyberspace  operations,  whose  capabilities 
include  weapon  systems  platforms  that  degrade,  disrupt,  and  destroy 
an  adversary's  communication,  control,  and  physical  assets.  The  en¬ 
hanced  situational  awareness  that  cyber  and  ISR  give  to  commanders 
aids  in  creation  of  holistic  and  realistic  statements  of  the  commander's 
intent,  as  discussed  in  the  joint  operation  planning  process  model.  Bet¬ 
ter  statements  make  the  planning  guidance  more  accurate  and  assist 
in  the  selection  of  effective  courses  of  action.29 

With  adversaries  relying  heavily  on  cyberspace  for  communication, 
the  number  of  capabilities  offered  to  commanders  to  collect,  exploit,  and 
disrupt  this  information  has  never  been  greater.  These  options,  which 
exist  throughout  all  military  operations,  could  help  minimize  what  mili¬ 
tary  theorist  Carl  von  Clausewitz  referred  to  as  the  fog  of  war.30  How¬ 
ever,  many  commanders  cannot  access  them.  If  shared  properly,  cyber 
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operations  would  increase  the  chances  for  operational  success  in  other 
domains  and  restrict  the  human  and  financial  costs  of  war. 

These  cyber  capabilities  have  not  gone  unnoticed,  though,  and  the 
stand-up  of  US  Cyber  Command  indicates  that  the  cyberspace  domain 
is  moving  in  the  right  direction.31  However,  we  need  to  do  more  to 
supply  commanders  with  actionable  intelligence  and  capabilities 
through  cyber  operations.  Regarding  the  direction  of  cyberspace,  Maj 
Gen  Brett  T.  Williams,  director  of  operations  (J3)  for  US  Cyber  Com¬ 
mand,  called  for  empowering  joint  force  commanders  and  combatant 
commands  (COCOM)  with  cyber  capabilities  and  command  and  con¬ 
trol  of  cyber  operations.  A  lack  of  visibility  of  cyber  components  criti¬ 
cal  to  a  mission's  success  puts  commanders  at  a  disadvantage.  Major 
General  Williams  suggested  creation  of  the  Theater  Cyber  Operations 
Command,  similar  to  a  Theater  Special  Operations  Command,  to  pro¬ 
vide  geographic  combatant  commanders  with  cyber  capabilities  under 
the  control  of  COCOMs.32  Establishing  a  method  similar  to  this  one 
would  give  commanders  more  actionable  intelligence,  and  they  could 
then  request  cyber  capabilities  relevant  to  their  mission.  Having  the  cy¬ 
ber  situational  awareness  to  accurately  request  capabilities  is  one  of  the 
most  critical  components  of  leveraging  cyber  power.  This  aspect  has 
gained  attention  since  Major  General  Williams  made  his  observations. 
In  the  summer  of  2011,  Gen  Keith  Alexander,  head  of  US  Cyber  Com¬ 
mand,  discussed  progress  in  supporting  operations  in  Iraq  and  Afghani¬ 
stan  through  the  deployment  of  expeditionary  teams,  especially  in 
terms  of  combatant  commanders’  ability  to  request  cyber  support.33 

Much  work  in  the  cyberspace  domain  remains  with  regard  to  deliver¬ 
ing  cyber  intelligence  and  capabilities  to  commanders.  After  the  estab¬ 
lishment  of  more  direct  approaches  for  doing  so,  classification  of  the  in¬ 
formation  becomes  the  limiting  factor  in  making  it  actionable.  To 
protect  cyber  capabilities,  we  must  not  reveal  certain  details  and  tech¬ 
nologies  that  would  allow  adversaries  to  counter  or  safeguard  against 
them.  Currently,  however,  the  intelligence  and  information  gathered 
from  cyber  capabilities  are  overclassified.  Commanders  cannot  request 
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capabilities  they  don't  know  about.  Instead  of  providing  processes  to  re¬ 
quest  cyber,  we  must  make  an  effort  to  declassify  cyber  intelligence 
and  information  that  does  not  weaken  cyber  capabilities.  Doing  so  will 
not  only  support  commanders  but  also  enable  tactical-level  leaders  to 
make  reasonable  requests  to  their  leadership  in  support  of  daily  opera¬ 
tions.  Moreover,  the  declassification  of  some  cyber  intelligence  and 
information  would  allow  more  sharing  among  government  agencies 
and  civilian  leaders  who  operate  in  law  enforcement  agencies.  Perhaps 
even  more  important,  the  sharing  of  actionable  cyber  intelligence  that 
could  assist  network  defenses  would  enable  civilian  leadership  to  better 
protect  sectors  such  as  critical  infrastructure.  This  sharing  of  informa¬ 
tion  would  directly  correlate  with  improvements  in  national  security. 


Cyber  Weapons  and  the  Home  Front 

During  these  interim  years  of  cyberspace,  increased  civilian-military 
partnership  for  the  defense  of  the  nation  would  also  prove  advanta¬ 
geous.  Recent  cyber  events  have  shown  that  the  level  of  versatility  and 
expertise  in  select  cyber  weapons  can  overpower  even  carefully 
crafted  defenses.  The  combined  experience  and  knowledge  of  military 
and  civilian  professionals  can  better  protect  against  these  advanced 
threats.  No  better  example  of  advanced  cyber  threats  currently  exists 
than  the  dangers  associated  with  Stuxnet. 

In  June  2010,  the  Stuxnet  worm  came  to  light  and  quickly  gained  no¬ 
toriety  as  one  of  the  most  advanced  pieces  of  malware  ever  discov¬ 
ered.  The  worm,  which  self-replicates  and  spreads  among  information 
systems,  takes  advantage  of  an  unprecedented  four  unpatched  vulner¬ 
abilities— known  as  zero-day  vulnerabilities— while  employing  a  root 
kit  (a  piece  of  code  that  enables  persistent  access),  two  command  and 
control  servers,  and  legitimate  signed  certificates.34  The  code  consists 
of  two  sections:  the  weapon  system  and  the  payload,  the  former  quite 
impressive  and  containing  the  aforementioned  features  but  paling  in 
comparison  with  the  advanced  nature  of  the  payload. 
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Stuxnet  was  specifically  designed  to  target  supervisory  control  and 
data  acquisition  (SC ADA)  systems  and  industrial  control  systems  (ICS). 
More  accurately,  the  payload  specifically  targeted  programmable  logic 
controllers  (PLC)  that  governed  the  centrifuges  at  the  Iranian  nuclear 
facility  in  Natanz.  The  worm's  payload  physically  damaged  the  centri¬ 
fuges  by  spinning  them  up  and  slowing  them  down  to  precisely  the 
appropriate  speeds  for  maximum  degradation.35  Although  the  full  out¬ 
comes  of  the  worm  remain  unknown,  satellite  imagery  indicates  that 
over  1,000  of  the  centrifuges  were  destroyed.36  This  feat  required  not 
only  some  of  the  best  programmers  and  ICS/PLC  engineers  in  the 
world  but  also  a  better  understanding  of  the  secretive  Natanz  facility’s 
layout  than  most  of  the  engineers  that  worked  there  would  have  had.37 

Largely  seen  as  a  cyber  weapon  created  and  employed  by  at  least 
one  nation-state,  Stuxnet  launched  intense  discussions  and  multiple 
academic  papers  on  the  use  of  cyberspace  as  a  domain  of  warfare.  The 
Russian  ambassador  to  the  North  Atlantic  Treaty  Organization  even 
went  so  far  as  to  state  that  the  Stuxnet  worm  could  have  caused  "a  new 
Chernobyl”  if  the  program  had  released  the  uranium  gas  in  the  centri¬ 
fuges  instead  of  causing  degradation.38  Though  operations  had  previ¬ 
ously  taken  place  in  cyberspace,  the  media  portrayal  of  the  power  of 
the  Stuxnet  cyber  weapon  made  the  discussion  of  cyber  warfare  a  very 
public  one.  Stuxnet  did  for  cyberspace  what  the  early  bombings  in 
World  War  I  did  for  airpower;  that  is,  it  brought  the  discussion  to  the 
public  and  undoubtedly  forced  many  corporations  and  nation-states  to 
research  cyber  capabilities  more  heavily.  In  a  way,  this  event— cou¬ 
pled  with  past  cyber  operations  over  the  last  few  decades,  including 
the  attacks  against  government  and  financial  sectors  in  Estonia  in  2007 
and  those  that  coincided  with  the  Russian  invasion  of  Georgia  in 
2008— represents  the  start  of  the  interim  years  of  cyberspace.39 

Although  Stuxnet  infected  and  spread  to  thousands  of  computer  sys¬ 
tems,  its  only  recognized  targets  were  the  centrifuges  at  Natanz.  The 
event  did  not  greatly  affect  systems  in  the  United  States  or  reach  the 
level  of  a  cyber  attack  that  would  push  a  nation  into  war.  However,  ac- 
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cording  to  Secretary  of  Defense  Leon  Panetta,  "The  potential  for  the 
next  Pearl  Harbor  could  very  well  be  a  cyber  attack.”40  This  observa¬ 
tion,  coupled  with  General  Alexander's  statements  that  segments  of 
the  nation's  critical  infrastructure  are  not  prepared  to  handle  cyber  at¬ 
tacks  and  that  this  situation  worries  him  the  most,  makes  obvious  the 
paramount  importance  of  protecting  these  assets  from  cyber  attacks.41 
Furthermore,  Stuxnet  has  shown  that  these  cyber  capabilities  exist  and 
have  been  utilized  by  at  least  one  nation-state. 

The  Stuxnet  story  is  not  over,  though.  The  laboratory  that  discov¬ 
ered  the  piece  of  malware  now  known  as  Duqu  on  14  October  2011 
quickly  recognized  its  relationship  to  the  Stuxnet  malware.  Duqu  dif¬ 
fers  from  Stuxnet  in  that  it  is  a  targeted  remote-access  Trojan  that 
steals  information  instead  of  a  worm  that  damages  centrifuges.42  It  in¬ 
fected  a  number  of  different  sites,  including  universities,  manufactur¬ 
ers,  and  certificate  authorities  in  a  style  of  attack  that  gathers  data  to 
use  in  making  another  Stuxnet-styled  cyber  weapon.43  Although  dif¬ 
ferent  in  style  and  targets,  Duqu  uses  much  of  Stuxnet's  source  code, 
and  the  same  coding  team,  utilizing  a  common  coding  platform 
named  Tilded,  seems  to  have  produced  both  pieces  of  malware.44 

Similar  to  a  "Lego  set,”  the  Tilded  platform  lends  itself  to  putting  to¬ 
gether  different  pieces  or  modules  of  code  to  create  entirely  different 
malware.45  This  platform-based  approach  allows  a  team  to  create  a 
quickly  adaptable  cyber  weapon  that  can  use  different  modules  and 
payloads  for  employment  against  very  different  targets  and  produce 
different  outcomes.  Additionally,  the  malware  created  from  the  plat¬ 
form  can  be  updated  with  different  stealth  measures,  including  the 
changing  of  encryption  algorithms  used  to  hide  its  code— as  occurred 
with  an  updated  version  of  Duqu  found  in  February  2012. 46 

Aerial  warfare  has  taken  a  platform-based  approach  to  weaponry  for 
years.  Instead  of  creating  aircraft  with  single  functions,  the  Depart¬ 
ment  of  Defense  (DOD)  has  purchased  aircraft  such  as  the  F-16,  F-22, 
and  MQ_-1 ,  which  can  fulfill  completely  different  mission  sets  based  on 
their  type  of  payload.  Evidently  this  approach  is  now  catching  on  in 
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the  cyberspace  domain,  posing  a  number  of  risks  to  various  aspects  of 
national  security.  A  single  cyber  weapon  platform  could  steal  informa¬ 
tion  from  universities  and  manufacturers  to  create  multiple  cyber 
weapons  that  would  then  attack  aircraft,  Internet  nodes  essential  to 
command  and  control,  air  defense  systems,  and  critical  infrastructure. 

Gen  Norton  Schwartz,  former  Air  Force  chief  of  staff,  stated  that  the 
Air  Force  is  pursuing  "cyber  methodologies  to  defeat  airborne  threats,” 
but  other  sources  have  indicated  that  the  technology  is  already  avail¬ 
able.47  During  testimony  to  the  Senate  Armed  Services  Committee,  Lt 
Gen  Herbert  Carlisle  stated  that  "the  Russians  and  the  Chinese  have  de¬ 
signed  specific  electronic  warfare  platforms  to  go  after  our  high-value 
assets.  Electronic  attack  can  be  the  method  of  penetrating  a  system  to 
implant  viruses.”48  As  traditional  platform-based  weapon  systems  be¬ 
come  more  diverse  and  utilize  more  capabilities,  such  as  advanced  ra¬ 
dar  systems,  they  become  more  vulnerable  to  cyber  attacks.  These  cy¬ 
ber  vulnerabilities  make  the  benefits  of  cyber  weapon  platforms  more 
alluring  to  adversaries.  Such  weaknesses,  combined  with  the  capabili¬ 
ties  demonstrated  by  the  Tilded  platform,  suggest  that  the  threat  of  a 
future  platform-based  cyber  weapon  system  attacking  multiple  DOD 
and  civilian  sectors  is  not  merely  possible  but  probable.  We  cannot  de¬ 
fend  against  the  power  of  such  weapons  without  a  combined  military- 
civilian  approach. 

In  these  interim  years  of  cyberspace,  the  government  must  ensure 
national  security  by  encouraging  cooperation  with  civilian  leadership 
in  sectors  such  as  critical  infrastructure.  Operators,  engineers,  and  de¬ 
velopers  of  that  infrastructure  possess  keen  insight  into  the  systems 
that  demand  active  protection,  yet  they  can  supply  full  details  about 
their  systems  and  their  understanding  of  them  only  when  they  receive 
actionable  intelligence  from  the  government.  Armed  with  declassified 
intelligence,  civilian  counterparts  can  give  better  advice  about  defend¬ 
ing  systems  they  have  operated  for  years.  Just  as  it  makes  sense  to 
classify  some  cyber  offensive  capabilities,  so  should  we  leave  some  cy¬ 
ber  defense  capabilities  classified  as  well.  Some  cyber  defenses, 
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though,  should  be  largely  transparent  so  that  we  can  identify  and  re¬ 
mediate  weaknesses.49 

Even  non-cyber-related  ICS  and  SCADA  system  incidents  can  pro¬ 
duce  significant,  drastic  effects  on  civilian  populations.  On  17  August 
2009,  the  245-meter-high  Shushenskaya  dam— the  largest  in  Russia- 
experienced  an  ICS  failure  that  shook  south  central  Siberia.  A  break  in 
communications  produced  by  a  hre  at  a  power  station  more  than  500 
miles  away  caused  a  sudden  surge  of  water  pressure  that  ripped  apart 
a  940-ton  turbine.  The  incident  resulted  in  the  death  of  75  people  and 
$1.3  billion  in  rebuilding  costs.50  Neither  a  cyber  attack  nor  the  action 
of  any  nation-state,  the  incident  could  have  occurred  as  a  result  of  a 
deliberate  cyber  strike  and  could  have  generated  more  civilian  deaths 
and  financial  costs. 

The  Natanz  nuclear  enrichment  facility  and  the  Shushenskaya  dam 
are  only  two  examples  of  the  uses  of  ICS  and  SCADA  systems,  which 
affect  every  aspect  of  daily  life,  including  the  stock  market,  oil  indus¬ 
try,  electrical  power  grid,  water  filtration,  and  Internet  and  satellite 
communication  networks.  Thus,  these  systems  have  become  one  of 
the  most  sought-after  and  viable  targets  of  cyber  weapons  based  in 
nation-states  and  must  be  treated  accordingly.  We  can  properly  protect 
them  only  with  a  unified  civilian-military  approach. 


Winning  the  Next  Generation 

Lastly,  embracing  a  long-term  strategy  for  developing  the  cyber  cul¬ 
ture  and  educating  the  next  generation  of  cyberspace  operators,  in¬ 
cluding  the  nation's  youth,  would  help  establish  dominance  in  the  cy¬ 
berspace  domain.  Severe  shortages  exist  in  the  availability  of  skilled 
cybersecurity  professionals  to  fill  such  jobs  as  investigative  forensics 
and  programming  at  the  FBI  Cyber  Division.51  Further,  the  DOD  finds 
itself  in  a  difficult  position  in  terms  of  educating  the  next  generation. 
Dr.  Michael  Wertheimer,  the  National  Security  Agency's  director  of  re¬ 
search  and  development,  briefed  members  of  the  Senate  Armed  Ser- 


January-February  2013 


Air  &  Space  Power  Journal  |  71 


Cyber  Focus 


V  Feature 


Lee 


The  Interim  Years  of  Cyberspace 


vices  Subcommittee  on  problems  in  recruiting  and  retaining  profes¬ 
sionals  in  computer  science,  pointing  out  that  77  percent  of  the 
agency's  information  technology  staff  resigns  rather  than  retires.52  We 
may  need  to  address  the  issue  of  paying  salaries  competitive  with 
those  in  private  industry,  but  our  long-term  strategy  must  look  to  les¬ 
sons  learned  from  the  aerial  domain. 

Excitement  and  a  sense  of  magic  surrounded  airplanes  and  their  pi¬ 
lots  during  the  early  days  of  airpower.  Those  flyers  braved  dangerous 
situations  in  an  unchartered  domain  to  break  records  and  mesmerize 
crowds.  France's  Reims  Air  Meet  of  22  August  1909,  the  world's  first 
major  air  show,  opened  the  door  for  many  more  around  the  globe.53 
Such  shows  and  air  races  both  inspired  future  pilots  and  educated  the 
public  on  the  capabilities  of  airpower.54  The  National  Air  Races,  held  in 
1929  during  the  interwar  years,  attracted  even  more  attention,  drawing 
more  than  half  a  million  people.55 

The  golden  age  of  the  1920s  embodied  the  allure  of  flying.  Pilots 
wanted  to  fly  higher,  faster,  and  farther  than  anyone  else.  Three  times 
between  1919  and  1921,  Army  pilots  broke  the  world  record  for  alti¬ 
tude.56  Cyber  operators,  however,  do  not  have  to  brave  dangerous 
speeds  and  acrobatics,  but  cyber  capabilities  can  certainly  captivate 
audiences  and  inspire  the  next  generation  of  cyber  operators. 

Hacking  and  security  conferences  demonstrate  the  latest  in  security 
advancements,  vulnerabilities,  and  exploits.  These  conferences  also  of¬ 
fer  a  way  for  those  in  attendance  to  network  with  people  from  a  variety 
of  backgrounds  who  all  have  in  common  a  certain  passion  for  cyber¬ 
space.  Unlike  the  early  air  shows,  these  conferences  are  neither  inex¬ 
pensive  to  attend  nor  embraced  by  the  public.  Although  admission  to 
some  well-known  conferences  such  as  DEF  CON  is  as  little  as  $150, 
others  require  thousands  of  dollars,  and  optional  training  costs  even 
more.57  Granted,  these  prices  reflect  both  the  type  of  audience  the  event 
wishes  to  reach  and  operating  costs,  but  persuading  the  mainstream 
public  to  attend  cyberspace-related  conferences  presents  a  problem. 
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Other  orchestrated  conferences  and  advances  in  cyber-related  edu¬ 
cation  benefit  the  domain.  The  DOD's  Cyber  Crime  Center  hosts  an 
annual  cyber  forensics  challenge  and  convention  that  provide  a  won¬ 
derful  opportunity  to  network,  learn  about  the  latest  advances  in  tech¬ 
nology,  and  sign  up  for  training  courses.  The  forensics  challenge  is 
free,  but  the  well-intended  and  beneficial  conference  costs  $500. 58  The 
government  and  DOD  must  host  low-cost  conferences  akin  to  air 
shows  where  they  can  display  capabilities  and  allow  cyberspace  to  cre¬ 
ate  its  own  sense  of  magic  and  allure. 

With  regard  to  making  cyber  deterrence  more  effective,  Gen  James 
Cartwright,  USMC,  retired,  former  vice-chairman  of  the  Joint  Chiefs  of 
Staff,  urged  open  discussion  of  and  training  in  some  cyber  offensive 
capabilities.59  Cyber  conferences  would  be  a  perfect  venue  for  mem¬ 
bers  of  the  DOD  to  showcase  some  of  the  nation's  cyber  capabilities, 
attract  audiences,  and  encourage  the  next  generation  while  deterring 
adversaries.  Moreover,  cyber  operators  could  offer  these  individuals 
low-cost  or  possibly  free  interactive,  appealing  classes  on  the  funda¬ 
mentals  of  cybersecurity  and  hacking,  thus  stimulating  interest  in  the 
domain  they  will  inherit. 

Educating  young  people  and  stirring  their  interest  in  cyber  are  in¬ 
credibly  important.  Although  the  DOD  is  deficient  in  this  area,  it  is 
taking  steps  in  the  right  direction  in  terms  of  educating  and  training 
young  officers  and  enlisted  members  who  have  signed  up  to  take  part 
in  the  cyberspace  domain.  For  example,  the  Air  Force's  Undergraduate 
Cyber  Training  technical  school  at  Keesler  AFB,  Mississippi,  which 
opened  on  21  June  2010,  offers  cyber  officers  a  six-month  training 
course  that  concludes  with  students  earning  their  cyberspace  wings.60 
The  schoolhouse  fails  students  who  do  not  pass  the  blocks  of  instruc¬ 
tion,  either  retraining  them  into  new  Air  Force  specialty  codes  or  sepa¬ 
rating  them  from  the  service. 

The  high-quality  education  offered  at  Undergraduate  Cyber  Training 
reflects  the  efforts  of  the  faculty,  made  up  of  Air  Force  enlisted  and  of¬ 
ficer  personnel  who  have  firsthand  experience  with  and  knowledge  of 
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cyberspace  operations.  These  instructors  work  to  inspire  and  train  the 
next  generation  of  cyberspace  officers  as  they  put  into  practice  Gen¬ 
eral  Schwartz's  belief  that  a  successful  career  should  include  a  tour  of 
duty  as  an  instructor.61  Doing  so  allows  the  faculty  not  only  to  sharpen 
their  skills  and  academic  pursuits  but  also  to  network  and  train  with 
future  squadron  leaders.  This  networking  creates  buy-in  from  both  the 
instructors  and  students,  contributing  to  the  overall  cyber  culture.  The 
domain  is  infused  with  a  sense  of  passion  when  instructors  relate  their 
experiences  and  students  become  excited  about  creating  their  own  sto¬ 
ries.  Instructor  pilots,  war  veterans,  and  participants  in  various  cyber 
missions  can  inspire  members  of  the  next  generation. 

The  early  airpower  culture  even  supported  acts  of  defiance  toward 
superiors  and  nonflyers  to  gain  their  peers'  favor  and  reverence.  Army 
Air  Corps  members  would  elevate  their  status  by  eliciting  trouble  and 
reprimand  from  Army  leaders.  They  embraced  the  role  of  outcasts  and 
found  it  empowering  to  create  a  diverse  group  and  culture  associated 
with  flying.62  Of  course,  military  cyberspace  professionals  need  not 
take  such  bold  steps  or  challenge  authority.  The  current  military  envi¬ 
ronment  favors  growth  of  the  cyberspace  domain,  and,  as  mentioned 
previously,  we  do  not  need  an  independent  cyber  service.  Neverthe¬ 
less,  members  of  the  military  cyberspace  culture  can  feel  very  much 
like  outcasts  because  of  the  domain's  newness  and  its  unexplored,  mis¬ 
understood  capabilities. 

We  must  embrace,  not  shun,  the  infant  cyber  culture.  Education  and 
the  fostering  of  a  competitive,  rewarding  instructor-duty  option  for  mili¬ 
tary  members  will  permit  the  cyber  culture  to  grow  and  develop.  The 
best  cyberspace  operators  should  compete  for  duty  as  instructors  and 
be  rewarded  with  personal  and  career-enhancing  opportunities.  This 
will  have  the  effect  of  continually  updating  the  educational  process  and 
invigorating  the  cyberspace  operators  who  participate.  Consequently,  a 
strong  and  unique  cyber  culture  will  develop,  attracting  and  retaining 
passionate  individuals  dedicated  to  establishing  cyber  dominance. 
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Conclusion 

The  cyberspace  domain  will  forge  its  own  place  in  history  as  a  do¬ 
main  of  warfare.  However,  similarities  with  the  traditional  war-fighting 
domains,  especially  the  aerial  domain,  provide  many  lessons  that  lead¬ 
ers  can  use  to  guide  the  direction  of  cyberspace.  By  understanding 
these  lessons  and  engaging  in  open  dialogues  about  the  direction  of 
the  domain  from  both  a  military  and  civilian  perspective,  we  can  apply 
the  proper  focus  to  cyberspace.  Specifically,  we  must  encourage  ac¬ 
tionable  intelligence  through  cyber  capabilities,  the  partnership  of  ci¬ 
vilian  and  military  professionals  for  national  defense,  and  the  cultiva¬ 
tion  of  a  cyber  culture  by  means  of  educating  the  next  generation. 

Commanders  must  know  what  they  can  request  in  terms  of  support 
from  cyber  operators  that  will  directly  benefit  their  missions.  Refrain¬ 
ing  from  overclassifying  information  that  pertains  to  cyber  intelligence 
and  cyber  capabilities  would  empower  leaders  at  the  tactical,  opera¬ 
tional,  and  strategic  levels  and  facilitate  the  sharing  of  information 
with  civilian  sectors  to  increase  cyber  awareness  and  create  meaning¬ 
ful  defense  strategies.  This  would  bolster  national  security  by  allowing 
civilian  leaders  to  help  defend  their  sectors  instead  of  relying  on  the 
DOD  and  Department  of  Homeland  Security.  Lastly,  by  showcasing 
cyber  capabilities  and  cyber  intelligence  at  learning  events  and  confer¬ 
ences,  we  could  not  only  fortify  cyber  deterrence  but  inspire  members 
of  the  next  generation  to  take  part  in  the  cyberspace  domain.  Those  in¬ 
dividuals  must  remain  the  center  of  our  long-term  strategy  for  protect¬ 
ing  the  domain  and  establishing  cyber  dominance. 

As  General  Alexander  observed,  “If  people  who  seek  to  harm  us  in 
cyberspace  learn  that  doing  so  is  costly  and  difficult,  we  believe  we 
will  see  their  patterns  of  behavior  change.  The  technology  is  ready.”63 
Interested  parties  throughout  the  cyberspace  domain,  including  the 
DOD,  civilian  sectors,  and  the  next  generation,  are  also  ready  for  the 
challenges  ahead.  Cyber  power  is  a  powerful  political  and  military  tool 
that  we  must  guide.  We  must  also  cement  its  place  in  history.  The  in- 
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terim  years  of  cyberspace  are  taking  place  now,  and  leaders  at  all  lev¬ 
els  must  act  accordingly  to  ensure  its  future  success.  O 
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